Vulnerabilities > Tiki > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-11-06 | CVE-2013-4714 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-10-08 | CVE-2012-5321 | Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware 8.3 tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection." | 5.8 |
| 2012-10-01 | CVE-2011-4551 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters. | 4.3 |
| 2012-07-12 | CVE-2012-3996 | Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php. | 5.0 |
| 2009-04-01 | CVE-2009-1204 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 2.2 Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupware 2.2 allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to (1) tiki-galleries.php, (2) tiki-list_file_gallery.php, (3) tiki-listpages.php, and (4) tiki-orphan_pages.php. | 4.3 |
| 2008-12-03 | CVE-2008-5319 | Multiple Unspecified vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653. | 5.0 |
| 2008-12-03 | CVE-2008-5318 | Multiple Unspecified vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653. | 5.0 |
| 2008-08-13 | CVE-2008-3654 | Remote Security vulnerability in TikiWiki Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors. | 5.0 |
| 2008-02-27 | CVE-2008-1047 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2007-12-27 | CVE-2007-6528 | Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. | 5.0 |